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WE CLAIM: 

1. A method of performing remote notification of records 
each having a respective record identifier, the method 
comprising : 

5 maintaining a record-user mapping which associates 

with each of a plurality of record identifiers a respective one 
or more user names; 

for each record upon which remote notification is to 
be performed: 

10 a) obtaining the record's record identifier's 

respective one or more user names from the record-user mapping; 

b) for each user name in the record's record 
identifier's respective one or more user names obtaining from a 
user name -addressable entity mapping a respective addressable 
15 entity and sending a notification of the record to the 
addressable entity. 

2 . A method according to claim 1 further comprising 
maintaining the user name -addressable entity mapping from each 
user name to the respective addressable entity. 

20 3. A method according to claim 2 wherein the user name- 

addressable entity mapping is a trusted mapping. 

4. A method according to claim 1 adapted to perform 

remote notification of records generated by a certificate 
management system, wherein obtaining from a user name- 
25 addressable entity mapping a respective addressable entity 
comprises obtaining a respective addressable entity from a 
respective certificate stored in a repository of published 
certificates . 
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5 . A method according to claim 4 wherein the certificate 
management system comprises a PKI (Public Key Infrastructure) . 

6. A method according to claim 4 further comprising: 

maintaining the repository of published certificates 
5 in which is stored for each of a plurality of user names the 
respective certificate in which is identified the respective 
addressable entity. 

7. a method according to claim 1 wherein the addressable 
entity is an E-mail address. 

10 8 . A method according to claim 1 wherein each user name 

is a distinguished name in accordance with X.500. 

9. a method according to claim 4 wherein the repository 

of published certificates is maintained in accordance with the 
X.500 series of recommendations. 

15 10. A method according to claim 9 further comprising for 

each certificate storing the respective addressable entity in a 
certificate extension field of the certificate. 

11. A method according to claim 10 wherein storing the 
respective addressable entity in a certificate extension field 

2 0 of the certificate comprises storing the respective addressable 
entity in a subject alternative name extension. 

12 . A method according to claim 4 further comprising 
obtaining a new set of records for processing from time to 
time, and conducting steps a) and b) for each record in the new 

2 5 set of records. 

13. A method according to claim 11 further comprising 
storing record reading parameters which determine circumstances 
under which the new set of records for processing is to be 
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obtained, and obtaining the new set of records for processing 
in accordance with the record reading parameters. 

14. A method according to claim 1 further comprising 
protecting each notification message by encryption and/or 

5 digital signature. 

15. A method according to claim 4 further comprising 
protecting each notification message by encryption and/or 
digital signature . 

16. a method according to claim 4 further comprising 
10 verifying authenticity of the respective certificate before 

sending the notification to the addressable entity obtained 
from the respective certificate. 

17. A method according to claim 1 further comprising 
maintaining an identification of a language of choice for each 

15 user name, before sending a notification to an addressable 
entity obtained for a particular user name, determining the 
particular user name's language of choice and including a 
translation of text in the notification message into the 
language of choice . 

20 18. A method according to claim 1 further comprising: 

identifying at least one record identifier for which 
target audit record processing is to be performed, the target 
audit record processing comprising: 

for each record identifier for which target audit 
2 5 record processing is to be performed reading from the 

associated record a target user name, obtaining from the user 
name -addressable entity mapping a respective addressable entity 
for the target user name and sending a notification of the 
record to the addressable entity. 
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19. A method according to claim 4 further comprising: 

identifying at least one record identifier for which 
target record processing is to be performed, the target audit 
record processing comprising: 

5 for each record identifier for which target record 

processing is to be performed reading from the associated 
record a target user name, obtaining from the repository of 
published certificates a respective addressable entity for the 
target user name and sending a notification of the record to 
10 the addressable entity. 

20. A method of performing remote notification of records 
each having a respective record identifier, the method 
comprising: 

identifying at least one record identifier for which 
15 target record processing is to be performed, the target audit 
record processing comprising: 

for each record identifier for which target record 
processing is to be performed reading from an associated record 
a target user name which identifies a user name which was a 
2 0 target of an operation which resulted in the record, obtaining 
from a user name-addressable entity mapping a respective 
addressable entity for the target user name and sending a 
notification of the record to the addressable entity. 

21. A method according to claim 20 further comprising 

25 maintaining the user name-addressable entity mapping from each 
user name to the respective addressable entity. 

22. A method according to claim 21 wherein the user name- 
addressable entity mapping is a trusted mapping. 
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23. A method according to claim 2 0 adapted to perform 
remote notification of records generated by a certificate 
management system, wherein obtaining from a user name- 
addressable entity mapping a respective addressable entity 

5 comprises obtaining the respective addressable entity from a 
respective certificate stored in a repository of published 
certificates . 

24. A method according to claim 21 wherein the 
certificate management system comprises a PKI (Public Key 

10 Infrastructure) . 

25. A method according to claim 23 further comprising: 

collecting a set of records generated by the 
certificate management system. 

26. A method according to claim 23 further comprising: 

15 maintaining a repository of published certificates in 

which is stored for each of a plurality of user names a 
respective certificate in which is identified a respective 
addressable entity. 

27. A method according to claim 23 wherein the 
20 addressable entity is an E-mail address. 

28. A method according to claim 23 wherein each user name 
is a distinguished name in accordance with X.500. 

29. A method according to claim 23 wherein the repository 
of published certificates is maintained in accordance with the 

25 X.500 series of recommendations and further comprising for each 
certificate storing the respective addressable entity in a 
certificate extension of the certificate. 
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30. A method according to claim 29 wherein storing the 

respective addressable entity in a certificate extension of the 
certificate comprises storing the respective addressable entity 
in a subject alternative name extension. 

5 31. a method according to claim 23 further comprising 

obtaining a new set of records for processing from time to 
time . 

32. A method according to claim 31 further comprising 
storing record reading parameters which determine circumstances 

10 under which the new set of records for processing is to be 

obtained, and obtaining the new set of records for processing 
in accordance with the record reading parameters. 

33. a method according to claim 20 further comprising 
protecting each notification message by encryption and/or 

15 digital signature. 

34. a method according to claim 20 further comprising 
protecting each notification message by encryption and/or 
digital signature . 

35. a method according to claim 23 further comprising 
2 0 verifying authenticity of the respective certificate before 

sending the notification to the addressable entity obtained 
from the respective certificate. 

36. A method according to claim 2 0 further comprising 
maintaining an identification of a language of choice for each 

25 user name, before sending a notification to an addressable 
entity obtained for a particular user name, determining the 
particular user name's language of choice and including a 
translation of text in the notification message into the 
language of choice. 



37. An apparatus comprising: 

a record-user mapping memory structure which 
associates for each of a plurality of record identifiers a 
respective one or more user names; 

a receiving interface for receiving a set of records 
to be processed for remote notification, each record having a 
respective record identifier; 

a notification interface adapted to send messages to 
addressable entities; 

a record processing entity adapted to process the set 
of records by obtaining the record's record identifier's 
respective one or more user names from the record-user mapping, 
and for each user name in the record's record identifier's 
respective one or more user names obtaining from a user name- 
addressable entity mapping a respective addressable entity and 
sending a notification of the record to the addressable entity 
through the notification interface. 

38. An apparatus according to claim 37 in combination 
with the user name -addressable entity mapping from each user 
name to the respective addressable entity. 

39. An apparatus according to claim 37 adapted to perform 
remote notification of records generated by a certificate 
management system, wherein the user name-addressable entity 
mapping is part of a repository of published certificates, and 
wherein the record processing entity is adapted to obtain the 
respective addressable entity from a respective certificate 
stored in the repository of published certificates. 
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40. An apparatus according to claim 3 9 wherein the 
certificate management system comprises a PKI (public key 
infrastructure) . 

41. An apparatus according to claim 39 in combination 
with the repository of published certificates. 

42. An apparatus according to claim 39 wherein the 
addressable entity is an E-mail address, and the notification 
interface is an E-mail message sending component. 

43 # An apparatus according to claim 39 further comprising 

a configuration file adapted to store record reading 
parameters, wherein the apparatus is adapted to collect through 
the record receiving interface a new set of records for 
processing from time to time. 

44. An apparatus according to claim 3 7 further 
comprising: 

a target record memory structure adapted to contain 
an identification of at least one record identifier for which 
target record processing is to be performed; 

wherein the record processing entity is further 
adapted to process each record identifier for which target 
record name processing is to be performed by reading from the 
associated record a target user name, obtaining from the user 
name -address able entity mapping a respective addressable entity 
for the target user name and sending a notification of the 
record to the addressable entity. 

45. An apparatus according to claim 3 9 further 
comprising : 
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a target record memory structure adapted to contain 
an identification of at least one record identifier for which 
target record processing is to be performed; 

wherein the record processing entity is further 
5 adapted to process each record identifier for which target 
record processing is to be performed by reading from the 
associated record a target user name, obtaining from the 
repository of published certificates a respective addressable 
entity for the target user name and sending a notification of 
10 the record to the addressable entity. 

46. An apparatus comprising: 

a receiving interface for receiving a set of records 
to be processed for remote notification, each record having a 
respective record identifier; 

15 a notification interface adapted to send messages to 

addressable entities ; 

a target record memory structure adapted to contain 
an identification of at least one record identifier for which 
target record processing is to be performed; 

2 0 a record processing entity adapted to process each 

record in the set of records having a record identifier for 
which target record name processing is to be performed by 
reading from the record a target user name, obtaining from a 
user name-addressable entity mapping a respective addressable 

2 5 entity for the target user name and sending a notification of 
the record to the addressable entity. 

47. An apparatus according to claim 46 wherein the user- 
name addressable entity mapping comprises a repository of 
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published certificates which contains for each user name a 
respective addressable entity. 

48. An apparatus according to claim 47 in combination 
with the user name -addressable entity mapping from each user 

5 name to the respective addressable entity. 

49. An apparatus according to claim 4 7 adapted to perform 
remote notification of records generated by a certificate 
management system . 

50. An apparatus according to claim 49 wherein the 
10 certificate management system comprises a PKI (Public Key 

Infrastructure) . 

51. An apparatus according to claim 47 wherein the 
addressable entity is an E-mail address, and the notification 
interface is an E-mail message sending component. 

15 52. An apparatus according to claim 47 further comprising 

a configuration file adapted to store record reading 
parameters, wherein the apparatus is adapted to collect through 
the record receiving interface a new set of records for 
processing from time to time in accordance with the record 

20 reading parameters. 

53 . a computer readable medium having instructions stored 
thereon for instructing a processing platform to implement a 
method according to claim 1 . 

54. a computer readable medium having instructions stored 
2 5 thereon for instructing a processing platform to implement a 

method according to claim 4 . 
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55. A computer readable medium having instructions stored 

thereon for instructing a processing platform to implement a 
method according to claim 20. 



